PROPOSED AMENDMENT AND INTERVIEW SUMMARY 

Dear Examiner Raab: 

In light of the interview on 22 August 2008, please find the proposed 
amendment and an interview summary below. 

Identification of Claims and Reference Discussed 

Claim(s) for discussion: Claim 1 

Reference(s) for discussion: Chaudhuri and Lee. 

Applicant's Arguments 

Applicant wishes to point out the following distinctions between 
embodiments of the present invention and Chaudhuri as well as Lee: 

First of all, the query signature in the present invention comprises textual 
SQL keywords and operands without literals (see paragraphs [0038]-[0039] of the 
instant application) and is extracted from the query itself. In contrast, the 
signature in Chaudhuri is an integer derived from and then assigned to a query 
(see Chaudhuri col. 7, line 61 - col. 8, line 2; and col. 4, line 62 - col. 5, line 5). 
Moreover, Chaudhuri teaches matching two queries by a brute-force text-based 
string comparison, which does not differentiate SQL keywords from literals in a 
query (see Chaudhuri col. 7, lines 54-60). The present invention, on the contrary, 
generates a signature based on the SQL keywords with literals removed. 
Furthermore, the Chaudhuri system groups queries with the same signatures for 
performance comparisons (see Chaudhuri col. 5, lines 3-5). The present 
invention, on the other hand, uses query signatures to determine invalid queries 
resulting from SQL injection (see paragraphs [0038]-[0040] of the instant application). 

Furthermore, Applicant wishes to point out that the fingerprint generation 
method disclosed by Lee is fundamentally different from embodiments of the 
present invention. The SQL injection detection system in the present invention 
produces a signature for a database query by retaining the textual SQL keywords 
contained in the query, and removing the field names and values in the query. 
Therefore, the signature in the present invention specifies a structure based on 
operations within the query and is independent of the field names and values in 
the query. However, the fingerprint disclosed by Lee is generated by selectively 
replacing only field values, but not field names, in a query with tokens, and hence 
is not independent of the field names in the SQL query (see Lee Section 2.2, pages 
267-268, especially the presence of the field names "custid" and "amt" in the 
fingerprint). 

Proposed Amendment: 

1. (Currently Amended) A method for using query signatures to detect 
structured query language (SQL) injection, comprising: 

initializing a signature cache, wherein initializing the signature cache 
involves: 

trapping database queries in a controlled environment, 
parsing the database queries to produce a set of valid signatures, 
wherein parsing the database queries involves retaining SQL keywords 
contained in each query, and removing field names and corresponding 
values in each query, to determine the signature for each query; 

wherein the signature for a query contains the text of SQL 
keywords and operands without any field name or 
value in the query, [deleted: determining signatures for the queries, wherein 
the signature SQL keywords contained in the corresponding query with] 

storing the valid signatures in the signature cache; 

receiving a query at the database; 

parsing the query at the database to determine a signature for the query, 
wherein the signature comprises SQL keywords contained in the corresponding 
query with literals removed; 

determining if the signature is located in the signature cache, which 
contains signatures for valid queries; and 

if so, allowing the corresponding SQL query to proceed, [deleted: processing the 
query;] otherwise, triggering a mismatch alert. [deleted: identifying the query as being SQL 
injected and rejecting the query.] 
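As an added illustration, not part of the application or of the claim above, the following Python sketch carries the claimed flow end to end: a signature retains SQL keywords and operands and drops field names and literal values, a cache is initialized from queries trapped in a controlled environment, and an incoming query is either allowed or triggers a mismatch alert. The keyword subset, tokenizer and sample queries are constructed assumptions for this example.

```python
import re
# Assumption: a small SQL keyword subset that covers the constructed sample queries;
# a deployment would use the full keyword list of the database's dialect.
SQL_KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "IN", "LIKE", "IS", "NULL",
    "INSERT", "INTO", "VALUES", "UPDATE", "SET", "DELETE", "ORDER", "BY", "LIMIT",
}

TOKEN_RE = re.compile(r"""
    '(?:[^']|'')*'              # single-quoted string literal ('' is an escaped quote)
  | \d+(?:\.\d+)?               # numeric literal
  | [A-Za-z_][A-Za-z0-9_.]*     # SQL keyword, or a field/table name
  | <>|<=|>=|!=|[=<>*(),;]      # operators and punctuation, kept as operands
  | \S                          # anything else, e.g. an unbalanced quote, kept
""", re.VERBOSE)

def query_signature(sql: str) -> str:
    """Retain SQL keywords and operands; remove field names and literal values."""
    parts = []
    for tok in TOKEN_RE.findall(sql):
        is_string = len(tok) >= 2 and tok[0] == "'" and tok[-1] == "'"
        if is_string or tok[0].isdigit():
            continue                       # literal value: removed
        if tok[0].isalpha() or tok[0] == "_":
            if tok.upper() in SQL_KEYWORDS:
                parts.append(tok.upper())  # keyword: retained
            continue                       # field or table name: removed
        parts.append(tok)                  # operator or punctuation: retained
    return " ".join(parts)

def build_signature_cache(trusted_queries):
    """Initialize the cache from queries trapped in a controlled environment."""
    return {query_signature(q) for q in trusted_queries}

def check_query(sql: str, cache: set) -> tuple:
    """('allow', sig) if the signature is cached, otherwise ('mismatch_alert', sig)."""
    sig = query_signature(sql)
    return ("allow" if sig in cache else "mismatch_alert", sig)
# Constructed sample standing in for queries trapped in a controlled environment.
TRUSTED_QUERIES = [
    "SELECT id, name FROM users WHERE name = 'alice'",
    "SELECT id, email FROM users WHERE email = 'a@example.com'",  # same structure, other fields
    "UPDATE accounts SET balance = 250.00 WHERE acct_id = 42",
]

if __name__ == "__main__":
    cache = build_signature_cache(TRUSTED_QUERIES)          # two distinct signatures
    print(check_query("SELECT id, name FROM users WHERE name = 'bob'", cache))
    print(check_query("SELECT id, name FROM users WHERE name = '' OR '1'='1'", cache))
```

The two SELECT statements in the sample share one signature despite different field names and values, which is the independence from field names argued against Lee above; the tautology-laden query yields an extra OR and = and therefore misses the cache.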

Outcome of Interview 

<N/A> 

Respectfully submitted, 



By /Shun Yao / 
Shun Yao 

Registration No. 59,242 
Date: 19 August 2008 

Shun Yao 

Park, Vaughan & Fleming LLP 
2820 Fifth Street 
Davis, CA 95618-7759 
Tel: (530) 759-1667 
Fax: (530) 759-1665 
Email: shun@parklegal.com 